Understanding Java JRE Bug #6669818

NETLAB+ uses Java for several functions, including remote device access and remote PC access.

Some Java JRE versions have a known bug (6669818) which prevents outbound connections back to the server under certain conditions. Starting with NETLAB+ version 4.0.25b, the NETLAB+ port test feature detects if the conditions in which the bug occurs will be triggered.

Conditions

These specific conditions are known to cause this error:

  1. You are using a Firefox browser, and...
  2. Your Firefox browser uses a Java JRE plug-in version 1.6.0_03 to 1.6.0_07, and...
  3. You access a NETLAB+ system using a DNS name, such as http://netlab.someplace.org, and...
  4. A reverse entry (IP to host name) in the DNS exists, and...
  5. The reverse entry does not match the original hostname. For example, netlab.someplace.org maps to 192.168.1.50, but 192.168.1.50 maps to http://host50.someisp.net.

Explanation

Starting with Java JRE 1.6.0_03 for Firefox, the JRE performs DNS reverse lookups on outbound connections. If the reverse entry does not match the forward entry, Java may throw a security exception. After many legitimate web sites started to break (bug ID 6669819), this restriction was relaxed in version 1.6.0_10.

Resolutions

Either of the following actions will permanently avoid this problem.

Resolution 1: Change DNS (if possible) so that forward and reverse entries match. This action must be taken by the network administrator at the NETLAB+ site. If reverse DNS for the NETLAB+ site is managed by an ISP, the ISP must make this change. 


Examples:

#1)  netlab.someplace.org --> 192.168.1.50
     192.168.1.50 --> host50.someisp.net    WRONG!

#2)  netlab.someplace.org --> 192.168.1.50
     192.168.1.50 --> netlab.someplace.org  CORRECT

#3)  netlab.someplace.org --> 192.168.1.50
     192.168.1.50 --> (not mapped)          OK

Resolution 2: Upgrade to Java JRE 1.6.0_10 or later. This action can be taken by Firefox users. At the time of this writing, JRE 1.6.0_10 is a release candidate and must be downloaded. When JRE_1.6.0_10 or later versions are officially released, you may upgrade using the Java control panel or Java automatic update process. The Java installer allows you to choose which browsers to upgrade. Be sure to apply the Java upgrade to your Firefox browser! You may also have to repeat this process if you upgrade from Firefox 2 to Firefox 3.

Workarounds

If you cannot implement either of the two permanent resolutions above, either of these workarounds may also be used.

Workaround 1: Use the NETLAB+ IP address instead of the DNS host name. For example, http://192.168.1.50.

Workaround 2: Use a supported version of Microsoft Internet Explorer.

Return to support >